Re: Internal key management system

Andres Freund <andres@anarazel.de>

From: Andres Freund <andres@anarazel.de>
To: Masahiko Sawada <masahiko.sawada@2ndquadrant.com>
Cc: Robert Haas <robertmhaas@gmail.com>, Fabien COELHO <coelho@cri.ensmp.fr>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>, Sehrope Sarkuni <sehrope@jackdb.com>, cary huang <hcary328@gmail.com>, "Moon, Insung" <tsukiwamoon.pgsql@gmail.com>, Ibrar Ahmed <ibrar.ahmad@gmail.com>, Joe Conway <mail@joeconway.com>, Bruce Momjian <bruce.momjian@enterprisedb.com>
Date: 2020-02-07T18:24:40Z
Lists: pgsql-hackers
Hi,

On 2020-02-07 20:44:31 +0900, Masahiko Sawada wrote:
> Yeah I'm not going to use pgcrypto for transparent data encryption.
> The KMS patch includes the new basic infrastructure for cryptographic
> functions (mainly AES-CBC). I'm thinking we can expand that
> infrastructure so that we can also use it for TDE purpose by
> supporting new cryptographic functions such as AES-CTR. Anyway, I
> agree to not have it depend on pgcrypto.

I thought for a minute, before checking the patch, that you were saying
above that the KMS patch includes its *own* implementation of
cryptographic functions.  I think it's pretty crucial that it continues
not to do that...

Greetings,

Andres Freund